From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 17 Jul 2024 16:56:02 +0000 (+0200)
Subject: mkosi: Remove enforcing=0 from default kernel command line
X-Git-Tag: v257-rc1~893^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F33752%2Fhead;p=thirdparty%2Fsystemd.git

mkosi: Remove enforcing=0 from default kernel command line

We already have selinux=0 in the default kernel command line so
enforcing=0 is redundant. Instead, pass in enforcing=0 when we
enable selinux in TEST-06-SELINUX.
---

diff --git a/mkosi.conf b/mkosi.conf
index b1ac8950af6..56a89e8c228 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -68,7 +68,6 @@ KernelCommandLine=systemd.crash_shell
                   systemd.default_device_timeout_sec=30
                   # Make sure no LSMs are enabled by default.
                   selinux=0
-                  enforcing=0
                   systemd.early_core_pattern=/core
                   systemd.firstboot=no
                   raid=noautodetect
diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build
index ea1a381471b..fd670ae40da 100644
--- a/test/TEST-06-SELINUX/meson.build
+++ b/test/TEST-06-SELINUX/meson.build
@@ -3,7 +3,7 @@
 integration_tests += [
         integration_test_template + {
                 'name' : fs.name(meson.current_source_dir()),
-                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
+                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'enforcing=0', 'lsm=selinux'],
                 # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
                 # Use 'auto' to automatically fallback on non-uefi architectures.
                 'firmware' : 'auto',